Module Krb_public.KeytabSource

A keytab (key table) is a file containing pairs of kerberos principals and encryption keys. You can use a keytab file to do kerberos authentication without having to enter a password (the key is derived from your password). Keytab's are generally used for 2 reasons:

  1. Kerberized servers *SHOULD* have a keytab so they can accept encrypted data from clients, unless they are running as human users
  2. Kerberized clients *MAY* use a keytab to obtain initial credentials (tgt). This might be useful for a long running application, so you don't need to type in a password to refresh credentials.

For a more complete explanation, see the MIT krb5 documentation: http://web.mit.edu/kerberos/krb5-latest/doc/basic/keytab_def.html

Sourcemodule Path : sig ... end

Ensure the keytab can be loaded successfully and contains an entry for the given principal. This does not verify whether the keytab is up to date, since it only performs offline checks.

Like validate but takes a path and principal name

Sourceval add_entry : t -> password:string -> enctype:Krb_internal_public.Std.Enctype.t -> kvno:int -> principal:Principal.t -> unit Async.Deferred.Or_error.t
Sourceval add_new_entry_for_all_principals : ?kvno:int -> t -> password:string -> unit Async.Deferred.Or_error.t

For each principal and enctype in the keytab, add a fresh key generated from the provided password.

  • There must not be principals with conflicting keys with the latest kvno.
  • If no kvno is provided, uses value one greater than the latest kvno found in the keytab.
Sourcemodule Stable : sig ... end